Quasi-static scheduling for concurrent architecturesjordicf/gavina/BIB/files/acsd03.pdf · ,...

Quasi-static scheduling for concurrent architectures

Jordi CortadellaUniversitat Politecnica de Catalunya

Barcelona, Spain

Alex KondratyevCadence Berkeley Labs

Berkeley, USA

Luciano LavagnoPolitecnico di Torino

Torino, Italy

Yosinori WatanabeCadence Berkeley Labs

Berkeley, USA

Abstract

This paper presents a synthesis approach for reactivesystems that aims at minimizing the overhead introduced bythe operating system and the interaction among the concur-rent tasks, while considering multiple concurrent executionresources. A formal model based on the notion of schedul-ing of Petri nets is used to perform the synthesis. We showhow the notion of projections of a schedule for the com-plete system onto the components implemented on separateresources is essential to define the correctness of the parti-tioned schedule.

1 Introduction

Embedded systems use computers and electronics to per-form some task, usually to control some physical system orto communicate information, without being explicitly per-ceived as a computer. Thanks to the ever-increasing perfor-mance at an ever-decreasing cost they are a preferred meansto offer ever-improving services to a multitude of drivers,callers, photographers, watchers, and so on. The phenom-enal growth of complexity and breadth of use of embeddedsystems can be managed only by providing designers withefficient methods for hardware or software synthesis, fromformal models that explicitly represent the available con-currency. Software is becoming particularly interesting asan implementation option, due to the simultaneous growthof mask costs, which makes Application-Specific IntegratedCircuits less appealing, and of CPU performance, whichmakes software a feasible choice even in presence of tightReal-Time constraints.

Concurrent specifications, such as dataflow net-works [11], Kahn process networks [9], CommunicatingSequential Processes [8], synchronous languages [6], andgraphical state machines [7], are interesting because they

expose the inherent parallelism in the application. How-ever, their mixed hardware-software implementation onheterogeneous architectures requires to solve a fundamentalscheduling problem. We assume in the following that thepreliminary allocation problem of functional processes toarchitectural resources has been solved, either by hand orby some appropriate heuristic algorithm. The task of thispaper is to define and solve the scheduling problem for aprocess-level concurrent functional specification allocatedto several computing resources, in particular processors.

Most embedded systems are reactive in nature, mean-ing that they must process inputs from the environment atthe speed and with the delay dictated by the environment.Scheduling of reactive systems thus is subject to two oftencontradicting goals: (1) satisfying timing constraints and (2)using the computing power without leaving the CPU idle fortoo long.

1.1 Static and Quasi-Static Scheduling

Static scheduling techniques do most of the work atcompile-time, and are thus suitable for safety-critical appli-cations, since the resulting software behavior is highly pre-dictable [10] and the overhead due to task context switchingis minimized. They may also achieve very high CPU uti-lization if the rate of arrival of inputs to be processed fromthe environment has predictable regular rates that are rea-sonably known at compile time.

Static scheduling, however, is limited to specificationswithout choice (Marked Graphs or Static Dataflow [11]).Researchers have recently started looking into ways of com-puting a static execution order for operations as much aspossible, while leaving data-dependent choices at run-time.This body of work is known as Quasi-Static Scheduling(QSS) [2, 12, 13, 3, 14]. The QSS problem, i.e. the ex-istence of a sequential order of execution that ensures nobuffer overflow, has been proven to be undecidable by [2]

Proceedings of the Third International Conference on Application of Concurrency to System Design (ACSD’03)

0-7695-1887-7/03 $17.00 © 2003 IEEE

for specifications with data-dependent choices. Our workfits in the framework proposed by [3], in which Petri nets(PNs) are used as an abstract model, that hides away cor-relations among choices due to the value of data that arebeing passed around. We improve over [3] because we nowconsider several execution resources, and thus produce aconcurrent schedule that exploits the available parallelismin both the specification and the implementation platform.

We use a game-theoretic intuitive formulation of theschedulability problem, in which the scheduler must win,by avoiding overflow of FIFO queues, against an adver-sary who can choose the outcome of non-deterministic data-dependent choices. The scheduler can resolve concurrencyin an arbitrary, resource-dependent, fashion using a policycalled “schedule” in the following, but it is not allowed to“starve” any input by indefinitely refusing to service it.

With respect to classical real-time scheduling theory, wefocus on the control and data dependencies between pro-cesses, and create tasks based on them. I.e., two fragmentsof processes allocated to the same resource (e.g., a CPU)and whose execution is triggered by the same input fromthe environment are merged into the same task, in orderto reduce inter-process communication and synchronizationoverhead. We allow splitting and duplication of processcode, in order to come up with an efficient grouping of codefragments into tasks. Classical real-time scheduling theorycan then be used to coordinate these tasks at run-time.

Further work will need to be devoted to the issue of op-timal allocation in order to satisfy real-time constraints. Incase inter-task scheduling is non-preemptive, the level ofgranularity at which processes can be merged also affectsthe overall schedulability.

1.2 Specification model

We consider a system to be specified as a set of con-current processes. A set of input and output ports aredefined for each process, and point-to-point communica-tion between processes occurs through uni-directional FIFOqueues between ports. Multi-rate communication is sup-ported, i.e. the number of objects read or written by a pro-cess at any given time may be an arbitrary constant.

Communication operations on ports, as well as internalcomputation operations are modeled by transitions in thecorresponding Petri net, while places are used to representboth sequencing within processes (a single token modelsthe program counter) and FIFO communication (the tokensmodel the presence of the data items, while hiding their val-ues).

Figure 1 depicts the specification of a concurrent sys-tem with a single master and two slaves, where the Masterprocess reads an input from the port IN and then sends arequest to one of the Slave processes. For communication

S2

IN

S1

PROCESS Master (InPort IN, OutPort S1, OutPort S2) {

}

READ(IN, req, 1); if(req.id == 1) { WRITE(S1, req.data, 1); } else { WRITE(S2, req.data, 1);

} postcomp();

while (1) {

READ(S1, data, 1); change_mode(data);}}

PROCESS Slave1 (InPort S1) { while (1) { standby(); READ(S2, data, 1); change_mode(data);}}

PROCESS Slave2 (InPort S2) {

standby();

Figure 1. Specification for master-slave sys-tem

f

y h

x z

b

d

a

c

e

standby();READ(S2, data, 1); change_mode(data);

standby();

READ(S1, data, 1); change_mode(data);

xy

z

h

d WRITE(S1, req.data, 1);

WRITE(S2, req.data, 1);

READ(IN, req, 1);a

Transition Operation

e

f postcomp();

Slave1Slave2

req.id==1

Master

(b)(a)

Figure 2. (a) Petri net model for the specifi-cation of Figure 1 (b) Operations associatedwith transitions

between processes, we support three types of operations:READ, WRITE, and SELECT. READ(port, data,rate) specifies an operation of reading data from the portport to a variable data, where the number of items readat a time is given by a constant integer rate. WRITEis similar, while SELECT(port1, port2) supportssynchronization-dependent control, where it probes thepresence of objects at the ports and non-deterministicallyselects one port with objects being available (See Fig-ure 5(c) for example). Figure 2 shows a Petri net that mod-els this specification.

2 Background

The following definitions introduce the nomenclatureused in the paper.

Definition 1 (Petri net) A Petri net is a 4-tuple N ��P� T� F�M��, where P is the set of places, T is the setof transitions, F � �P � T � � �T � P � � N is the flowrelation and M� � P � N is the initial marking. The setof reachable markings of a Petri net is denoted by �M�i.The fact that M � is reachable from M by firing transition tis denoted by M �tiM �. The pre-set and post-set of a nodex � P � T are denoted by �x and x�, respectively.

2


0-7695-1887-7/03 $17.00 © 2003 IEEE

Given a Petri net N with P � �p�� pn�,the notation Pre�t� is used to represent the vector�F �p�� t�� F �pn� t��. Given a set of nodes X , N n fXgdenotes the subnet of N obtained by removing the nodes inX and their adjacent arcs from N . If for any node x in PNN we have �x � x� � �, then N is called self-loop free.M�p� denotes a number of tokens in place p under markingM .

In this paper we use nets with source transitions, i.e. withempty pre-sets. These transitions model the behavior of theinput stimuli to a reactive system.

Definition 2 (Source and non-source transitions) Theset of transitions of a Petri net is partitioned into twosubsets as follows:

TS � ft � T j �t � �g� TN � T n TS �

TS and TN are the sets of source and non-source transi-tions, respectively. The set of source transitions TS is fur-ther partitioned into controllable T c

Sand uncontrollable T u

S

(T u

S� TS n T c

S) transitions.

Informally, the decision on firing controllable transitionsbelongs to the scheduler, while the firing of uncontrollabletransitions is governed by the environment and is out ofscheduler control. This aspect is elaborated in more detailin Section 3, when we introduce the definition of schedule.

Definition 3 (Free-choice set) For non-source transitionsTN a Free-choice Set (FCS) is defined as a maximal subsetof transitions C such that

�t�� t� � C s.t. t� �� t� and t�� t� � TN �

Pre�t�� Pre�t�� t�� t��

��

Transitions from one FCS set are always enabled simul-taneously. Firing of one of them disables the rest in caseof a safe net. This is a convenient mean to express a fullynon-deterministic behavior. We will call FCS�t� the set oftransitions that belong to the same FCS of t. Any conflictinside a FCS is said to be free-choice. In Section 3 thenotion of FCS is further extended to source transitions.

Definition 4 (Transition system) A transition system is a4-tuple A � �S�� sin�, where S is a set of states, � isan alphabet of symbols, � � S � �� S is the transitionrelation and sin is the initial state.

With an abuse of notation, we denote by se� s�� s �

s�� s �� s� � � �, different facts about the existence of atransition with certain properties.

A path p in a transition system is a sequence of tran-sitions s�

e��s�e��s� � � sn

en�sn��, such that

the target state of each transition is the source state of thenext transition and ei denote firing events. A path with mul-tiple transitions can also be denoted by s

�� s�, where � is

the sequence of symbols in the path.For a finer look at the internal structure of TS it is helpful

to distinguish firing regions of TS events.

Definition 5 (Firing region) Given a transition systemA � �S�� sin�, the firing region of an event e � �,denoted by FR�e�, is the set of states fs j s

e�g.

Definition 6 (Entry border) The entry border of a set ofstates S� is a subset of S� defined as follows:

EB�S�� fs� � S� j �s �� S� � s� s�g�

The entry border of a firing region is the set of states bywhich this region is entered in TS from outside.

In the suggested scheduling approach there is a close re-lationship between modeling the original system by a PNand a corresponding TS specifying the system schedule.

Definition 7 (TS conforming to a PN) Given a PN N ��P� T� F�M�� a TS A � �S�� sin� is said to be con-forming to N iff the following conditions are met:

1. � � T

2. There is a mapping � � S � �M�i, with ��sin� � M�.

3. If transition t is fireable in state s, with st� s�, then

��s��ti��s�� in N .

Note that in the reachability graph of a PN there is nodistinction between fireability and enabling because accord-ing to the PN semantics any enabled transition might fire.A TS conforming to a PN is introduced as a subset of thereachability graph in which the enabling of events coincideswith those in the PN (t is enabled in s when it is enabledin ��s�) but their fireability might differ. This feature, asshown in Section 3, allows a scheduler to control the fir-ing of system transitions by delaying them to the benefit ofderiving an efficient schedule.

3 Sequential schedule

Scheduling of a PN imposes the existence of an addi-tional control mechanism for the firing of enabled transi-tions. For every marking, a scheduler defines the set of fire-able transitions as a subset of the enabled transitions. Thecomposite system (PN+scheduler) proceeds from state tostate by firing fireable transitions.

The following definition is an extension of [4] to takeinto account the difference between controllable and uncon-trollable transitions.

3


0-7695-1887-7/03 $17.00 © 2003 IEEE

Definition 8 (Sequential schedule) Given a Petri net N ��P� T� F�M�� and a partition FC�T u

S� � fT u

Sg,

a sequential schedule of N is a transition systemSch � �S� T�� s�� with the following properties:

1. Sch is conforming to N and has a finite set of statesS.

2. If t� is fireable in s, then t� is fireable in s if and onlyif t� � FCS�t��.

3. For each state s � S, there is a path s��s�

t� for

each t � T u

S.

In order for this definition to be consistent, the notionof FCS is extended to source transitions. We assume thatfor controllable transitions FCSs are defined dynamicallyby the scheduler. These transitions can be fired arbitrarily(in conflict or not), because their firing is completely underscheduler control. Formally, given the set S of states of aschedule, the FCS for the set of controllable transitions T c

S

is defined as a mapping H � S � �Tc

S , such that for eachs � S, H�s� must be enabled ��s�.

For uncontrollable transitions, an FCS is defined as apartition FC�T u

S� � fT�� Tkg that is imposed on T u

S.

In particular FC�T u

S� could be the whole set of transitions

T u

S. This partition is included in the system specification.Property 1 of Definition 8 implies that the set of traces

of Sch is contained into that of N (any feasible trace in theschedule is feasible in the original PN). Property 2 indicatesthat one FCS is scheduled at each state. Finally, property 3denotes the fact that any input event from the environmentwill be eventually served.

Given a sequential schedule, a state s is said to be anawait state if all uncontrollable source transitions belong-ing to an FCS are fireable in s. An await state models asituation in which the system is “sleeping” and waiting forthe environment to produce an event.

Intuitively, scheduling can be deemed as a game betweenthe scheduler and the environment. The rules of the gameare the following:

� The environment makes a first move by firing any ofthe source transitions.

� The scheduler might pick up any of the enabled transi-tions to fire (property 2) with two exceptions:

(a) it has no control over choosing which of thesource transitions to fire and

(b) it cannot resolve choice for data-dependent con-structs (which are described by free-choice sets).

In cases (a) and (b) the scheduler must explore all pos-sible branches during the traversal of the reachability

ab

p2p3

a

p1

0

p2p1

p1p2 p2p2p1p1

a

a b

b

b

ba

a

c

p2

c

(b)

d b

c

0

(a) p2

c

p1

b

p3p2

p1p3

d

p3p3p2p2

aa

p3

p1

p1p2

a

d

b

d

b

Figure 3. Non-schedulable PNs

p2p7p10

p4p6p7p10p4p6p7p10

Sch1

yh

p7

p8

p9

p10

y h

x z

p1p7p9

p3p7p9

p4p5p7p9

p2p7p9

p4p6p7p9

p6p7p10

f f

p4p5p8p9

(c)

p4p5p8p9

p2p7p9

p3p8p9

h y

(b)

ff

x

Sch2

x

z

ed

cb

(a)

p7p9

ep2

b

p9p8p5

a

b c

d

aa

p9p8p5p6p7p10

p3p7p9

p1p7p9

p7p9

p6

d

z

p1

f

p4

Master (M) Slave (S)

p5

c

e

p3

Figure 4. Master-slave system.

space, i.e. fire all the transitions from the same FCS.However it can decide the moment for serving thesource transitions or for resolving a free-choice, be-cause it can finitely postpone these by choosing someother enabled transitions to fire.

The goal of the game is to process any input from theenvironment (property 3) while keeping the traversed spacefinite (property 1). In case of success the result is to bothclassify the original PN as schedulable and derive the set ofstates (schedule) that the scheduler can visit while servingan arbitrary mix of source transitions. Under the assumptionthat the environment is sufficiently slow, the schedule is anupper approximation of the set of states visited during real-time operation.

The notion of sequential schedule is illustrated in Fig-ures 3 and 4. Figure 3 shows two non-schedulable specifi-cations and parts of their reachability spaces. The impossi-bility to find a schedule for the PN in Fig. 3(a) stems fromthe inability of a scheduler to control the firing of sourcetransitions. A cyclic behavior in this PN is possible onlywith correlated input rates of transitions a and b. On theother hand, the PN in Fig. 3(b) is non-schedulable becauseof the lack of control on the outcome of free-choice resolu-tion for the place p�.

Figure 4(a) presents an example of a master-slave sys-tem in which the master is non-deterministically choosingwhich one of the two slaves to trigger. The two possibleschedules for this specification are given in Fig. 4(b)(c).These schedules show different interleavings of master andslave transitions.

4


0-7695-1887-7/03 $17.00 © 2003 IEEE

b cp1

0a

p2 p3

p4

ed

f

The resource for the master

SELECT(S1, S2) {

}

while(1) {Slaves {

}

case S1: S1_standby(); READ(S1, S1_data, 1); S1_change_mode(S1_data); break;

case S2: S2_standby(); READ(S2, S2_data, 1); S2_change_mode(S2_data); break;

p7p9

p5p7p9

p6p7p10 p5p8p9y

d e

z xp6p7p9

h

The resource for the two slaves Code generated from (b) (a) (b) (c)

Figure 5. Schedules for the Master and the twoSlaves

4 Concurrent schedules

4.1 Problem Overview

To address the scheduling problem with multiple re-sources for implementation, we assume that an allocationhas been already determined, and we take it as input in ad-dition to the Petri net for the specification. Intuitively, anallocation can be considered as a mapping from each transi-tion to the resource that executes the operations representedby the transition. For example, in the Petri net shown in Fig-ure 2, all the operations of the two Slave processes may beallocated to one resource, while those of the Master processmay be allocated to another resource. In practice, we em-ploy some restrictions on allocations, as formally defined inSection 4.2.

Given a Petri net and its allocation, the problem is to finda sequential schedule for the operations allocated to eachresource. In the Master-Slave example, one may obtain theschedules given in Figure 5(a) and (b) for the resources forthe Master and the two Slaves respectively. Figure 5(c) de-picts the code generated from the schedule of Figure 5(b).

A naive approach for this scheduling problem is to com-pute a sequential schedule for each resource independently.However, this approach often results in a deadlock whenthe schedules are executed altogether. This problem can beillustrated as follows. In Master-Slave example, the allo-cation given above defines two Petri net fragments, one forthe Master and the other for the two Slaves, as shown inFigure 6(a) and (c) respectively. Note that the Petri net forthe Slaves has transitions d and e as source transitions, eventhough their operations are allocated to the resource for theMaster. This is because the executions of these operationsneed to be taken as input in order to define the behavior ofthe Slaves.

The naive approach will take these Petri nets, and find asequential schedule for each. For the Petri net representingthe Slaves, one needs to decide whether the source transi-tions d and e should be treated as controllable or uncontrol-lable, without knowing the behavior of the Master process.Treating them as uncontrollable is not good in general, since

(b)

f

ed

p4

Sch_M

p3p2

a

p2

b

d

a

Master (M)

c

e

p3

p1

p4

f

z

p6

d

h

0

p1

e x

cb

(a)

y

Sch_S

p7

p8

p9

p10

y h

x z

p5

e d

Slave (S)

(c)

(d)

p4, p6p7p9

b

p7p9 p7p10 p6p7p10

p7p9p8p9p5p8p9

z

c

c

a

a

z

(e)

0, p7p10

Sch_M || Sch_S

z0, p7p9

p1, p7p9

p1, p7p10

p3, p7p10p2, p7p10

p2, p7p9 p3, p7p9

deadlock

Figure 6. Schedules whose interaction leadsto a deadlock

it works only when their operations are in conflict in theMaster. Once they are treated as controllable, one needs todecide when and how they are fired in the schedule for theSlaves. Suppose that the schedules shown in Figure 6(b)and (d) have been obtained for the Master and the Slaves.How these schedules interact when executed in the two re-sources can be identified by taking the parallel compositionof the two, as partially shown in Figure 6(e). As shown inthe figure, a deadlock can result for these schedules, if forexample the resource for the Slaves executes the transitionz while the resource for the Master executes a and c. Inthe original specification shown in Figure 2, if a and c areexecuted, then transition e has to be executed. However, theschedule for the Slaves treated e as a controllable source,and it can be executed only after h, according to the sched-ule of Figure 6(d). Since h requires d to be executed in thespecification and since d is in conflict with a, the deadlockresults. This kind of causality relation between the Mas-ter and Slave processes cannot be identified when sched-ules are computed independently for the resources, and thusthe naive approach works only when it by chance finds cor-rect schedules for all the resources. In the next sections, weshow conditions under which schedules for the resources donot cause this problem, and present a procedure that findsschedules accounting for these conditions.

4.2 Allocation

In [3] it was shown that the main advantage of the im-plementation obtained by sequential QSS with respect tothe one directly implementing a set of concurrent processesis a drastic decrease of the communication overhead. Forthe case of a single computational resource (e.g. a CPU),sequential QSS gives an optimal solution. However whenseveral computational resources are available the sequen-tial implementation might result in a significant perfor-mance penalty. This motivates an investigation of concur-

5


0-7695-1887-7/03 $17.00 © 2003 IEEE

rent schedules.When several computational resources are available, the

actions of the original specification (PN transitions) mustbe assigned to resources for implementation. In quasi-staticscheduling this assignment is done statically and is formal-ized through the notion of allocation. A concurrent scheduleis defined with respect to a given allocation, and the prob-lem of finding an optimal allocation is left to future work.

Definition 9 (Allocation) Given a Petri net N ��P� T� F�M�� an allocation defines a partition of T ,Alloc�T � � T � f�� ng (where each integerbetween 1 and n denotes a resource) with the followingproperties:

1. �p� �t�� t� � �p � Alloc�t�� Alloc�t��

2. �p� �t�� t� � p� � Alloc�t�� Alloc�t��

3. �p� ��t� � �p� � �t� � p�� Alloc�t�� Alloc�t�� FCS�t�� ft�g.

Transitions with the same allocation value are meant tobe implemented by a single resource. This uniquely de-fines an FC partition of uncontrolled transitions: a sourcepartition is called allocation matching when �ti� tj � T u

S ,ti� tj belongs to the same FCS if and only if Alloc�ti� �Alloc�tj�.

Note that for non-source transitions allocation preservesFCS partitioning because all the output transitions of thesame choice place must be put in the same allocation clus-ter. The places between transitions with different allocationvalues are interpreted as port places and are used for re-source interfacing. Property 1 and 2 of allocation guaranteethat writing to (reading from) port places could be done bytransitions allocated to the same resource only, while Prop-erty 3 tells that writing is always done in a deterministic waythat ensures a separation between making non-deterministicchoice and performing communication.

It is easy to see that for a PN derived from a set of con-current processes (see Section 1) any allocation that re-spects process boundaries (i.e. all transitions of the sameprocess are assigned the same allocation value) satisfiesProperties 1-2. To satisfy Property 3 one might need to in-troduce silent transitions to decouple choice and communi-cation. The latter is always possible and is known to be anequivalent transformation.

In that way for the suggested specification style an allo-cation could execute several processes on single resource,but it never splits processes between several resources.

Definition 10 Given a Petri netN � �P� T� F�M�� with anallocation Alloc�T �, an allocation cluster i is a PN subnetdefined by a subset of transitions Ta � Tinternal � Tinput,where t � Tinternal �� Alloc�t� � i, while t �

Tinput �� t � ��t�� Alloc�t�� i� and subsetof places Pa �� Tinternal�.

I.e. a cluster contains transitions with the same allocationvalue and their immediate predecessors and places that areinput to its internal transitions.

Figure 4(a) shows an allocation for the Master-Slave ex-ample that naturally partitionsMaster and Slave function-ality on different resources. It is easy to check that this al-location satisfies Properties 1-3 of Definition 9.

The clusters for Master and Slave corresponding to theallocation in Figure 4(a) are shown in Figure 6(a) and (c) re-spectively. Note that clusters are overlapping by input tran-sitions of port places (transitions d and e for Slave).

4.3 Definition of concurrent schedule

The game-theoretic interpretation of scheduling dis-cussed in Section 1 can be extended to concurrent schedul-ing. However, the rules of the game must be extended totake care about the proper composition of distributed partsof the scheduler implementation, since the global scheduleris indeed a composition of one local scheduler per resource.

These extensions concern two main issues 1) the com-mitment to decisions about transition fireability and 2) thereceptiveness to environment inputs.

Definition 11 (Persistent firing region) Given TS A ��S�� sin� conforming to PN N , FR�t� is called per-

sistent in A if �s � FR�t� such that st�

� s�� s� �� FR�t�either 1) t� � t or 2) t becomes disabled in s� or 3) transi-tions t and t� belong to the same FCS.

Note that cases 2 and 3 are different. On one hand, tran-sitions of non free-choice PNs can disable each other andnot be in the same FCS (i.e. Case 3 does not cover Case 2).On the other hand, source transitions cannot be disabled,but can belong to the same FCS (i.e. Case 2 does not coverCase 3).

Informally, one can exit from a firing region for t eitherby firing t or by disabling t through the firing of some othertransition t� which is in conflict with t. For source transi-tions the disabling is interpreted in a broader sense as con-tainment in the same FCS (see Condition 3).

Persistency helps to formulate the commitment of thedistributed scheduler to the decisions about transition fir-ings and makes it impossible for a scheduler to “withdrawits moves” when playing against the environment.

Another important requirement is the receptiveness ofa schedule. It describes the ability to make progress un-der any input generated by the environment. Receptivenessof a sequential schedule is guaranteed by forcing the fir-ing of all source transitions once any of them becomes fire-able (in await states). For a concurrent schedule it would

6


0-7695-1887-7/03 $17.00 © 2003 IEEE

FR(t)

Figure 7. Receptive firing region.

be too restrictive to synchronize all source transition firingsin a single state. For efficient operation, processes imple-mented by different resources must be able to move fasteror slower with respect to their neighbors. Therefore it ispossible that, due to the difference of speed among pro-cesses, some source transitions become enabled earlier thanothers. Then if the environment produces inputs for fasterprocesses at a faster rate, these processes might benefit fromthat by not waiting for the rest of the system to catch up at acommon synchronization point. However, this is not a hardrequirement for the environment, which still behaves non-deterministically and produces the inputs at will. In orderto guarantee progress for any input combination, the relaxedreceptiveness property below states that every time a sourcetransition t becomes enabled, it is still possible to reach anawait state through the firing of non-source transitions con-currently fireable with t. This ensures that the schedulescannot favor some of the uncontrollable input transitionswith respect to others.

Definition 12 (Receptive firing region) The firing regionFR�t� of source transition t is called receptive if for everystate s from the entry border of FR�t� any maximal trace 1

� � s�� not containing source transitions and not leaving

FR�t� ends up in an await state within FR�t�.

Definition 12 states that once a firing region of somesource transition t is entered and the firing of source tran-sitions (including t) is postponed by the scheduler, thensooner or later a state with all source transitions being fire-able (await state) is reached (see Figure 7).

Allocation, receptiveness and persistency are the newfeatures (with respect to the sequential case) that one needsto consider in defining concurrent schedules.

Definition 13 (Concurrent schedule) Given a Petri netN � �P� T� F�M��, allocation Alloc�N� and partitionFC�T u

S� matching it, a concurrent schedule of N is a tran-

sition system Sch � �S� T�� s�� with the following prop-erties:

1. Sch is conforming to N and has a finite set of statesS.

1� is maximal with respect to property P if for any trace �� extending

� (�� a), P is violated.

p6

p1

p3

e

p4p6p7p10

c

p5

Slave (S)Master (M)

p7

p8

p9

p10

y h

x zp4

a

f

d

b

p4p7p9

p2

(b)

FR(y)

p5p8p9

p1p6p7p10 p1p5p8p9y

haa

f f

y

y

h

h

p3p7p9

(a)

p7p9

p1p7p9

p2p7p9

p4p6p7p9

p6p7p10

a

b c

d e

z xp4p5p8p9

p4p5p7p9

Figure 8. Concurrent schedule for master-slave specification.

2. If t� is fireable in s, then any t� � FCS�t�� is fireablein s as well, while any t� �� FCS�t�� with Alloc�t�� Alloc�t�� is not fireable in s.

3. All firing regions are persistent.

4. All firing regions of uncontrollable transitions are re-ceptive.

5. For each state s � S, there is a path s��s�

t� for

each t � T u

S.

The need for Properties 3 and 4 in defining concurrentschedules has been discussed already. Property 2 is an ex-tension of the similar requirement in sequential schedules.It tells that all transitions from the same FCS must be fire-able simultaneously. Moreover it tells that at most one FCSfrom a cluster can be fireable in a schedule state. This im-plies that every cluster is implemented sequentially.

Figure 8(b) shows a concurrent schedule for the master-slave example. One can easily check that it satisfies Prop-erties 1- 5. The shadowed area corresponds to a persistentfiring region for transition y.

4.4 Construction of concurrent schedule

A concurrent schedule provides a global view on the be-havior of all resources used in allocation. Ideally such aview should be derived as a composition of local sched-ules: one per resource (cluster). This strategy howevermeets some difficulties that were discussed in Section 4.1.It was shown there that an independent scheduling of eachallocation cluster does not ensure the consistency of fir-ing read/write transitions that produce/consume data in portplaces. To guarantee consistency, we suggest first to con-struct a sequential schedule for the whole system. A se-quential schedule provides a uniform starting point for de-riving schedules for clusters. Cluster schedules are obtainedby projecting the global sequential schedule on the set ofcluster transitions. This design flow is illustrated in Fig-ure 9.

7


0-7695-1887-7/03 $17.00 © 2003 IEEE

PN Concurrentschedule

Allocation

...

Cluster_1

Cluster_k

Projecting Composition

Sequential QSS

Figure 9. Concurrent scheduling flow.

A schedule projection is defined as a sequence of trans-formations of the underlying TS. The following notation isintroduced to describe them:

1. Pred�s� � fsi j sie� sg (set of immediate predeces-

sors of s)

2. Succ�s� � fsi j se� sig (set of immediate successors

of s)

Definition 14 (State merge) Given a TS A � �S�� sin� and a pair of states s�� s� � S, the merge of s�� s�results in a new TS A� � �S�� s�

in� such that S� �

�S � fs��g� n fs�� s�g and Pred�s�� Pred�s�� Pred�s��nfs�� s�g, Succ�s�� Succ�s��Succ�s��nfs�� s�g, while for the rest of states in A� the sets of theirpredecessors and successors coincide with those in A.

Merging a pair of states s�� s� replaces these states bya single state s�� which combines immediate predecessorsand successors from s� and s�.

Definition 15 (TS projection) Given a TS A � �S�� sin� and a set of events E � �, the projection of A on E

is a TS obtained by merging every pair of states s�� s� suchthat s�

e� s� � �e �� E�.

Proposition 1 For a given TS A � �S�� sin� and setof events E � �, the projection of A on E is unique.

The proof immediately follows from the commutativityof the � operation.

Definition 16 (Deterministic TS) A TS A � �S�� sin� is deterministic iff

1. �se�� s�� s

e�� s� � �e� � e� � s� � s��.2. �s�

e�� s� s�e�� s � �e� � e� � s� � s��.

Definition 17 (Determinization of TS) The determiniza-tion of a TS A � �S�� sin� is the TS obtained fromA as the fixed point in applying state merging for every pairof states s� �� s� such that either

1. �s� e j se� s�� s

e� s� or

2. �s� e j s�e� s� s�

e� s

Proposition 2 The determinization of a TS is unique.

The proof follows from the fact that the set of immedi-ate successors and predecessors is monotonically increasingduring state merging, and that the pre-conditions for merg-ing are transitive. Therefore if a pair of states s� and s�are merged into a single state s�� then any other state s�that satisfies the conditions of determinization either in pairwith s� or in pair with s�, would clearly satisfy the deter-minization conditions for the pair fs�� s��g.

Proposition 2 proves the soundness of Definition 17 as itstates the uniqueness of the fixed point during state merging.

Definition 18 (Schedule projection) Given a scheduleSch � �S�� sin� and a set of events E � �, theprojection of Sch on E is the result of projection on E anddeterminization of the underlying TS.

4.5 Consistent schedules

Definition 19 Given a Petri net N � �P� T� F�M�� andclusters C�� Ck defined by allocationAlloc�N�, the setof sequential schedules SchC�

� � � � � SchCk of C�� Ck iscalled consistent if their parallel composition is isomorphicto a concurrent schedule of N .

Projecting a sequential schedule of PN N onto subsetsof events of clusters C�� Ck is the constructive way inwhich we would like to seek for a consistent set of sched-ules. However projecting a sequential schedule onto a setof events of a cluster does not always result in a valid se-quential schedule for this cluster. To illustrate that, let usreturn to the Master-Slave example and its sequential sched-ule Sch� from Figure 4(c).

The clusters for Master and Slave are shown in Fig-ure 6(a)(c). The result of projecting Sch� onto sets ofevents TM and TS of these clusters is illustrated by Fig-ure 10.

A closer look at the slave projection Proj�S� showsthat, because of merging of states labeled with transitionsa� b� c� f (these transitions do not belong to TS), both z

and x are fireable in the initial state of Proj�S�. How-ever, in a sequential schedule only transitions from the sameFCS could be fireable in a particular state. But z and x donot belong to the same FCS in the PN for Master-Slave.Section 4.2 points out that allocation must preserve FCSs.Therefore Proj�S� is not a valid sequential schedule forSlave because it fires transitions from different FCSs inthe same marking.

The following Proposition gives a constructive way tocheck whether projections of a sequential schedule of theoverall system result in a consistent set of schedules for itsclusters.

Proposition 3 Let C�� Ck be a set of clusters of PNN � �P� T� F�M�� defined by allocation Alloc�N� and let

8


0-7695-1887-7/03 $17.00 © 2003 IEEE

p7p9

p1p7p9

a

(a)

p2p7p9

p6p7p10

z

d

f

p3p7p9

p9p8p5

x

e

f

b c

hy

(c)

Proj(S)

p7p9z x

p7p10 p8p9

p6p7p10 p5p8p9d e y

h

p2p7p10

p4p6p7p10

p3p8p9

p4p5p8p9

b cp1

Proj(M)

0a

p2 p3d e

p4f

(b)

Sch2

Figure 10. Inconsistent projections.

Sch1

p7p9

p1p7p9

a

(a)

p2p7p9

p6p7p10

f

p3p7p9

p9p8p5f

b c

hy

(c)

Proj_S

p7p9

p5p7p9

p6p7p10 p5p8p9y

h

b cp1

Proj_M

0a

p2 p3

z x

d e ed

p4

d e

z xp6p7p9

p4p6p7p10

p4p6p7p9

p4p5p8p9

p4p5p8p9f

(b)

Figure 11. Consistent projections.

Sch be a sequential schedule of N . If the set of projectionsPR � fProj�C�� P roj�Ck�g of Sch onto events ofC�� Ck gives sequential schedules for C�� Ck , thenPR is consistent.

See the Appendix for the proof.One could construct many sequential schedules by the

very same PN, with different event interleavings (decidingthe order of event firing is the main part of a scheduler pol-icy). Some of these schedules might serve better in derivinga set of consistent projections.

To illustrate this let us explore another sequential sched-ule Sch� for the Master-Slave example (Figure 11(a)).Sch� differs from Sch� in Figure 10(a) by reversing theorder of concurrent transitions d� z and e� x. Projections ofSch� onto clusters for Master and Slave (Figure 11(b)and (c) respectively) give sequential schedules for theseclusters and therefore present a consistent set of schedules.Contrary to Figure 10(c), in the initial state of Slave pro-jection of Figure 11(c) only controllable transitions are fire-able. This does not contradict the FCS relation because forcontrollable transitions FCSs are defined dynamically.

The capability of a sequential schedule to produce a con-sistent set of projections under the given allocation can betaken into account during the construction of a schedule.Let us assume for simplicity that the schedule is constructedin such a way that no two states of a schedule get the samemarking. I.e., the schedule is minimized on the fly by merg-

ing the states with the same markings2. Let us associatewith every state of the schedule not only the correspondingPN marking, but also the local markings for each alloca-tion cluster, obtained as projections of PN markings ontothe subset of places defined by the cluster. Every time anew schedule state s is generated (s �� M�m�� mn �,where M is a PN marking and m�� mn are local mark-ings for clusters 1,...,n) it must pass the consistency checkas follows:

� for each allocation cluster Ci� i � �� n do

– In the currently obtained set of schedule statesfind the subset S�mi� in which all local mark-ings for Ci coincide with mi (these states wouldcorrespond to the same state in the projection forcluster Ci)

– If the union of fireable transitions of states fromS�mi� is not in the same FCS then exit(failure)

� exit(success)

If the check for consistency of the state s returns “suc-cess”, the schedule continues with s, while in case of failureit backtracks and explores different ordering of transitionfirings. In that way the consistency check serves as an addi-tional condition for termination.

The above procedure illustrates that algorithms used togenerate a sequential schedule, e.g. the one in [3], need mi-nor modifications to include that consistency check. It ispossible that backtracking in the generation process hap-pens more often than in the sequential case. This problemcould be alleviated by developing heuristics and exploringsufficient conditions that simplify the consistency analysis,but this is left to future work.

5 Conclusions

This paper proposes a method that bridges the gap be-tween specification and implementation of reactive sys-tems. From a set of communicating processes, and by de-riving an intermediate representation based on Petri nets,a set of concurrent tasks that serve input events with mini-mum communication effort is obtained. We extend previouswork by considering a more general definition of the con-cept of schedule, considering concurrent implementations.This considerably increases the applicability of the method,but requires additional considerations in order to prove thattasks scheduled on different resources interact correctly anddo not deadlock due to the partitioning.

2The case when several schedule states corresponds to the same mark-ing could be treated in a similar way but requires some additional book-keeping.

9


0-7695-1887-7/03 $17.00 © 2003 IEEE

In the future, we would like to apply our technique torealistic examples, and consider the problem of allocatingprocesses to resources in order to improve the performanceof the resulting schedules, under cost and real-time con-straints.

AcknowledgmentThis work has been partially funded by a grant from Ca-

dence Design Systems and CICYT TIC2001-2476.

References

[1] G. Arrigoni, L. Duchini, L. Lavagno, C. Passerone,and Y. Watanabe. False path elimination in quasi-staticscheduling. In Proceedings of the Design Automationand Test in Europe Conference, March 2002.

[2] J. Buck. Scheduling dynamic dataflow graphs withbounded memory using the token flow model. PhDthesis, U.C. Berkeley, 1993.

[3] J. Cortadella, A. Kondratyev, L. Lavagno, M. Mas-sot, S. Moral, C. Passerone, Y. Watanabe, andA. Sangiovanni-Vincentelli. Task Generation andCompile-Time Scheduling for Mixed Data-ControlEmbedded Software. In Proceedings of the 37th De-sign Automation Conference, June 2000.

[4] J. Cortadella, A. Kondratyev, L. Lavagno,C. Passerone, and Y. Watanabe. Quasi-staticscheduling of independent tasks for reactive systems.In Proceedings of the International Conference ofAppliaction and Theory of Petri Nets, 2002.

[5] E.A. de Kock, G. Essink, W.J.M. Smits, P. van derWolf, J.-Y. Brunel, W.M. Kruijtzer, P. Lieverse, andK.A. Vissers. YAPI: Application Modeling for Sin-gal Processing Systems. In Proceedings of the ��th

Design Automation Conference, June 2000.

[6] N. Halbwachs. Synchronous Programming of ReactiveSystems. Kluwer Academic Publishers, 1993.

[7] D. Har’el, H. Lachover, A. Naamad, A. Pnueli, et al.STATEMATE: a working environment for the devel-opment of complex reactive systems. IEEE Transac-tions on Software Engineering, 16(4), April 1990.

[8] C. A. R. Hoare. Communicating Sequential Processes.International Series in Computer Science. Prentice-Hall, 66 Wood Lane End, Hemel Hempstead, Hert-fordshire, HP2 4RG, UK, 1985.

[9] G. Kahn. The semantics of a simple language for par-allel programming. In Proceedings of IFIP Congress,August 1974.

[10] H. Kopetz and G. Grunsteidl. TTP – A protocolfor fault-tolerant real-time systems. IEEE Computer,27(1), January 1994.

[11] E. A. Lee and D. G. Messerschmitt. Static schedulingof synchronous data flow graphs for digital signal pro-cessing. IEEE Transactions on Computers, January1987.

[12] B. Lin. Software synthesis of process-based concur-rent programs. In 35th ACM/IEEE Design AutomationConference, June 1998.

[13] M. Sgroi, L. Lavagno, Y. Watanabe, andA. Sangiovanni-Vincentelli. Synthesis of em-bedded software using free-choice Petri nets. In 36thACM/IEEE Design Automation Conference, June1999.

[14] K. Strehl, L. Thiele, D. Ziegenbein, R. Ernst, andet al. Scheduling hardware/software systems usingsymbolic techniques. In International Workshop onHardware/Software Codesign, 1999.

6 Appendix

Before proving Proposition 3, let us introduce some ad-ditional notions and show the validity of an intermediateproperty.

Definition 20 (Projection image) Given a TS A� obtainedby projection and determinization of TS A � �S�� sin� on events E � �, the image of a state s � A� is theset of states in A that are merged into s (denoted by im�s�).

Property 1 Let Proj�C� be the projection of a sequen-tial schedule Sch onto subset of events TC of an alloca-tion cluster C � �PC � TC � FC �MC

��. Then for any state

s� � Proj�C� the projections of PN markings onto PC forall Sch states in the image of s� coincide.

Proof: Let us consider the construction of Proj�C� in twosteps:

– Proj��C� as a result of state merging because of hid-ing events from T n TC and

– Proj��C� as a result of determinization of Proj��C�.

Let s�� s� � Sch and s�t� s� where t �� TC . Then

s� and s� have the same image s� � Proj�C� because theymust be merged. Allocation defines a partition on the set ofplaces P of the original PN. From this follows that t cannotchange the marking of any of the place from PC and henceprojections of ��s�� and ��s�� onto PC coincide (projec-tion of a marking ��s� on a subset of places PC results inremoving from ��s� all the places that are not in PC , thisprojection will be called local marking of cluster C). From

10


0-7695-1887-7/03 $17.00 © 2003 IEEE

this follows that all states of Sch in the image of any statefrom Proj��C� have the same local markings.

Consider s�t� s�� and s�

t� s�� in Proj��C�, where

t � TC . Then in Sch there exist two pairs of states s�t� s�

and s�t� s� such that s� and s� belong to the images of s�

and s��, and s� and s� belong to the images of s� and s��.Since s� and s� have the same image, their local markingscoincide. From this follows that ��s�� and ��s�� have thesame local markings because they are obtained as a resultof the firing of the same transition t from the same localmarking. Hence ��s�� s��. �

Note. For the schedules in which no two schedule statehave a same marking the projections could be derived bysimply projecting Sch markings onto local markings andthen merging all projection states that have the same localmarkings.

Proposition 3. Let C�� Ck be a set of clusters of PNN � �P� T� F�M�� defined by allocation Alloc�N� andSch be a sequential schedule of N . If the set of projectionsPR � fProj�C�� P roj�Ck�g of Sch onto events ofC�� Ck gives sequential schedules for C�� Ck thenPR is consistent.Proof: Let us show that the parallel composition ofC�� Ck (denoted by jjC��k) satisfies Definition 13 ofconcurrent schedule.

�Conformance to PN and finiteness (Condition 1 of Def-inition 13).

The set S of states of a parallel composition is finite be-cause each of the projections is finite. To show the confor-mance of jjC��k to PN N one needs to show the existenceof a mapping from states of the schedule to PN markingsand make sure that events are fired in a schedule state onlywhen they are enabled in the corresponding marking (seeDefinition 7).

Let us construct the mapping � S � M�i, with��s�� M�. � is obtained through the union oflocal markings for states from S, i.e. for any s �S (s �� s�� sk �, where s�� sk are states ofProj�C�� P roj�Ck�) the mapping � provides a mark-ing ��s� which is obtained as a union of local markings ofs�� sk. Let us show that ��s� corresponds to a PN mark-ing in M�i and any fireable transition in s is enabled in��s�.

Let us apply induction on the length of the path from s�to s.

��s�� M� is trivial and directly follows from the rulesof projection. Let a be fireable in s. Then for every clusterCi such that a � Ci, transition amust be fireable in the localstate si (due to the rules of parallel composition). Alloca-tion defines a partition and therefore the set of all clustersCi

such that a � Ci contains all input places of a in the originalPN (with each place having sufficient number of tokens for

enabling of a). Therefore if sa� then a is enabled in ��s�.

Moreover, the additivity of marking change implies that ifs

a� s�, then ��s�� coincides with the marking obtained

from ��s� by the firing of a. Condition 1 is proved.

� FCS fireability (Condition 2 of Definition 13).It t� fireable in a schedule state s of jjC��k then t� is

also fireable in a local state si of cluster Ci containing t�.Allocation preserves FCS and therefore any t� � FCS�t��is also fireable in si. Hence t� must be fireable in s as well.From Proj�Ci� being a sequential schedule it follows thatonly one FCS from clusterCi could be fireable in local statesi. Therefore in schedule state s at most one FCS from eachcluster is fireable.

� Persistency (Condition 3 of Definition 13).Let us assume that persistency is violated in jjC��k, i.e.

sa� s�, s

b� s� and a is not fireable in s�. Clusters do

not overlap on places and therefore events from differentclusters could not disable each other. Then there must ex-ist a local state si with a� b � Ci such that the firing of bdisables a in Ci. Then b and a must be in the same FCSin Proj�Ci�. Hence a and b are in the same FCS in theoriginal PN as well which satisfies persistency.

� Receptiveness (Condition 4 of Definition 13).Let state s �� s�� sk � in jjC��k belong to the entry

border of the firing region FR�t� of uncontrolled sourcetransition t and t � Ci. Then t is fireable in state si ofcluster Ci. According to projection rules the image of si inSchseq contains an await state sa and all states from whichsa is reached by firing transitions that are not from Ci. Letus take state s� � Schseq which is in the entry border ofim�si� (see Figure 12). From s� there exists a trace � intoawait state sa which does not contain transitions fromCi orfrom T u

S (� � �� in Figure 12). By � one can derivea parallel run jj� which contains all possible permutationsof concurrent transitions in �. s� is chose in such a way thats is in jj�. Therefore in jjC��k there exists a trace from s toawait state sa that is covered by the set of traces jj�. It is amaximal trace because it cannot be extended beyond sa.

To prove that any maximal trace from s has the sameproperty let us consider traces ofSchseq whose parallel runscorrespond to maximal traces from s. Let them start froms� but diverge with �. Any such trace � (� � �� in Fig-ure 12) either ends up in an await state (see Property 3 ofDefinition 8) or it has a loop from non-source events (tracew in Figure 12). In the latter case however the trace corre-sponding to the loop is not maximal.

� Liveness with respect to uncontrollable transitions(Condition 5 of Definition 13).

Instead of cyclic objects for the schedule andits projections, let us consider their acyclic in-finite representations in the form of unfoldings

11


0-7695-1887-7/03 $17.00 © 2003 IEEE

as

s’

s ’a

im(s )i

ω

σ2

σ1

δ1

δ2

δ3

Figure 12. Proof of receptiveness.

Schuseq � P roj�C��u� �� P roj�Ck�

u� jjCu��k. Suppose

that in jjCu��k there exists a state s �� s�� sk � from

which a source transition a is unreachable. Without lossof generality one can assume a � C�. Let us consider thecomposition jjC��k of projectionsProj�C�� P roj�Ck�.

–Case 1. jjC��k is a concurrent schedule for the subnetof the original PN N obtained by deleting transitions fromC� together with their output places.

Then the non-liveness of a stems from the inconsistencyof C��k and C�. Transition a is unreachable in jjCu

��k froms �� s�� sk �. However in Proj�C��

u there must be a

feasible sequence of fireable transitions b� c� �� j s�b� s�

�

c�

��s�ia� because according to conditions of Proposition 3,

Proj�C�� is a sequential schedule for C�. Let state s bechosen in such a way that b is not fireable in s (if b is fireable

in s then we will consider state s� j sb� s� and the next

transition c in the sequence from s� to s�i ). Then b is notfireable in state s only if s contains local state sj j sj �Proj�Cj�

u, where b � Cj and b is not fireable in sj .

– Case 1.1. b is not reachable in Proj�Cj�u.

In Schuseq let us consider state sb � im�s�� j sbb�

and a set of states im�sj�. None of the states from im�sj�can precede sb, otherwise b would be reachable from sj inProj�Cj�

u. State sb cannot precede states from im�sj� bythe choice of sj (otherwise b cannot be blocked in s). Letus choose the last state sl in Schuseq such that sl

�� sb and

�s � im�sj� j sl�� s (i.e. from any successor of sl it is

not possible to reach both sb and im�sj�. Then in state slat least two events c and d are fireable, where c is the firstevent in �, while d is the first event in � (see Figure 13(a)).

Events c and d are from the same FCS and due to thisare internal for some cluster. Then they are non-observablefor at least one of the clusters Cj or C� (say Cj e.g.). Letus consider events e and f� e� f�� Cj that are first met in �

and �. In the projection of Schuseq onto events from Cj thecorresponding states se and sf would be merged into sefand e and f would be fireable from sef (see Figure 13(b)). eand f are from the same FCS because otherwise Proj�Cj�cannot be a valid sequential schedule. Then they both mustbe fireable in states se and sf of Schuseq . Two cases are

jim(s )

s_bj

js

im(s )

s_ef

js_b

jj

jj

s

e f

y

...... ...

... ...

(f)s_b

jjs

j

jim(s )

x

s_ef

... ...

c d

...... ...

s_e

(a)

s_b

f

s_fe

s_l

...

e f

(b)

...

...

c d

......

e ef

... ...

s_e

(c)

s_b

s_f

f

s_efs_l

c d

eef

... ...

......

...

s_l

s_e s_f

f

s_b

(e)

e f

z yh

... ...

... ...

x

(d)

Figure 13. Proof of liveness.

possible:a) sb and im�sj� are reachable by making different

choices for e and f (see Figure 13(c)) andb) sb and im�sj� are reachable by making the same

choice for e and f (see Figure 13(e))In case (a) due to the choice of sl none of the states from

im�sj� are reachable from state sf . Because of this in theProj�Cj�

u once event e is fired, there must exist anotherforking point (denoted in Figure 13(d) by z and h) to makeim�sj� unreachable from sf . For z and h it is possible torepeat the same consideration as for e and f , with the ex-ception that these events are closer to sj . Finally we will ei-ther arrive to the contradiction of keeping FCS relations inprojections (like in Figure 13(b)) or will exhaustively checkall the forks in � or � without distinguishing conditions onreachability of im�sj� and sb. The latter also leads to con-tradiction and proves that the assumption about the validityof case (a) is wrong.

Case (b) (Figure 13(e)) reduces to case (a) because theneed to distinguish the reachability conditions for sb andim�sj� requires to have a fork (denoted by x and y) afterthe firing of f in Proj�Cj �

u. Thus Case 1.1 is proved.

–Case 1.2. b is reachable in Proj�Cj�u from sj (i.e

sjg� ��s�j

b�) but g is blocked in a state s of jjCu

��k byC�

Then the considerations of Case 1.1 might be repeatedfor the pair of Schuseq states sb and sg , where b is fireable insb, while g is fireable in sg .

–Case 2. C��k is not a concurrent schedule for the subnetN n C� of the original PN N obtained by deleting from N

transitions in C�, together with their output places.Then consistency violations are present in the parallel

compositions of clusters C�� Ck and one can repeat theproof for the PNNnC� and sequential scheduleSchseqnC�

which is obtained from the original Schseq by projecting onC� � �� Ck.�

12


0-7695-1887-7/03 $17.00 © 2003 IEEE

Quasi-static scheduling for concurrent architecturesjordicf/gavina/BIB/files/acsd03.pdf · ,...

Documents

Transcript of Quasi-static scheduling for concurrent architecturesjordicf/gavina/BIB/files/acsd03.pdf · ,...